Re: [Tails-dev] [tor-talk] secure and simple network time (…

Author: Maxim Kammerer
Date:  
To: tor-talk
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
On Thu, Apr 18, 2013 at 1:18 AM, Jacob Appelbaum <jacob@???> wrote:
> Whenever a less friendly person gives me a hard time about the obvious
> futility of tlsdate, I think:
>
> "Let me know how your ntp replacement project goes and I'll gladly use
> it when my shitty one-trick pony isn't beating the pants off of your
> armchair hacking."
>
> I'd say I'm kidding but really, we need a secure network time client and
> we need one badly. If we don't have one, we can't hold certain
> assumptions to be correct and entire systems can be broken. There is
> also the attack surface and architecture of other ntp/ntp-like clients.


There are now apparently enough openly accessible and stable
authenticated NTP servers around to rely on them in a distro. The
problem is that the authenticated NTP protocol (more precisely, its
asymmetric crypto Autokey variant) does not support NAT traversal in
either the server *or* the client, since both IP addresses are signed.
I guess the reason is that NTP has no clear distinction between client
and server.

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
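
Added example, not part of the original message: a simplified Python model of the address binding described above, following the Autokey construction in RFC 5906 (MD5 over sender address, receiver address, key ID and cookie). The addresses, seed, header and the function name `verifies` are constructed for illustration; the real protocol exchange has more steps.

```python
import hashlib
import hmac
import ipaddress
import struct

def ip(addr: str) -> bytes:
    return ipaddress.ip_address(addr).packed

def cookie(client_ip: str, server_ip: str, seed: bytes) -> bytes:
    # Server cookie: first 32 bits of H(client IP || server IP || 0 || seed).
    data = ip(client_ip) + ip(server_ip) + struct.pack("!I", 0) + seed
    return hashlib.md5(data).digest()[:4]

def autokey(client_ip: str, server_ip: str, key_id: int, ck: bytes) -> bytes:
    # Session key: H(sender IP || receiver IP || key ID || cookie).
    data = ip(client_ip) + ip(server_ip) + struct.pack("!I", key_id) + ck
    return hashlib.md5(data).digest()

def mac(key: bytes, header: bytes) -> bytes:
    # Keyed digest over the NTP header (simplified MD5 MAC).
    return hashlib.md5(key + header).digest()

def verifies(client_view, server_view, seed=b"constructed-seed", key_id=1):
    """Each view is (client address, server address) as that host sees them.
    A NAT on either side makes the two views differ."""
    header = b"\x23" + bytes(47)      # constructed 48-byte client request
    ck = cookie(*server_view, seed)   # server derives cookie from its view
    sent = mac(autokey(*client_view, key_id, ck), header)
    expected = mac(autokey(*server_view, key_id, ck), header)
    return hmac.compare_digest(sent, expected)

# Constructed documentation/private addresses.
DIRECT = ("203.0.113.7", "198.51.100.1")
CLIENT_BEHIND_NAT = ("192.168.1.10", "198.51.100.1")   # client's own view
SERVER_BEHIND_NAT = ("203.0.113.7", "10.0.0.5")        # server's own view

if __name__ == "__main__":
    print("no NAT:      ", verifies(DIRECT, DIRECT))
    print("client NAT:  ", verifies(CLIENT_BEHIND_NAT, DIRECT))
    print("server NAT:  ", verifies(DIRECT, SERVER_BEHIND_NAT))
```

Because both addresses feed the key, any address rewrite between the two hosts yields different keys and the MAC check fails, on whichever side the NAT sits.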